Today, secure authentication between a user (or client) and a server is conducted solely by the server and the user, and is constrained by the capabilities and limitations of the server, the user device, and the link between them. Authentication is typically performed with a username and password supplied by the user.
This configuration has severe security limitations. Usernames and passwords are generally chosen as short phrases that are easy to remember, and they are not changed frequently from one login to the next, which increases the risk of interception. The wireless or wire-line link between the user device and the server is also typically a simple connection and poses a high risk of interception.
In addition, a user who has to access multiple servers needs to remember multiple passwords or carry multiple secureID tags in order to access the different servers. Having each individual server perform complex and specialized authentication tasks such as location-based security, voice signature, or other biometrics is expensive and might not be feasible for some servers.